[DTrace-devel] [PATCH 2/4] Fix potential NULL pointer dereference issue
Eugene Loh
eugene.loh at oracle.com
Wed Jun 10 09:08:39 PDT 2020
On 06/10/2020 08:23 AM, Kris Van Hees wrote:
> The dt_link_stmt() function has all failure conditions (always known
> to be memory allocation issues) jump to the 'fail' label to ensure
> that allocated memory is freed. However, if fdp failed to be aloocated
> we end up dereferencing a NULL pointer (fdp->dtdo_breltab).
allocated
> Signed-off-by: Kris Van Hees <kris.van.hees at oracle.com>
> ---
> libdtrace/dt_cc.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/libdtrace/dt_cc.c b/libdtrace/dt_cc.c
> index 5319c173..2b687bb0 100644
> --- a/libdtrace/dt_cc.c
> +++ b/libdtrace/dt_cc.c
> @@ -2404,9 +2404,11 @@ dt_link_stmt(dtrace_hdl_t *dtp, dtrace_prog_t *pgp, dtrace_stmtdesc_t *sdp,
> return 0;
>
> fail:
> - dt_free(dtp, fdp->dtdo_breltab);
> - dt_free(dtp, fdp->dtdo_buf);
> - dt_free(dtp, fdp);
> + if (fdp) {
> + dt_free(dtp, fdp->dtdo_breltab);
> + dt_free(dtp, fdp->dtdo_buf);
> + dt_free(dtp, fdp);
> + }
>
> return dt_set_errno(dtp, EDT_NOMEM);
> }
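Review bot: The if (fdp) guard under the fail: label is only safe if fdp is initialized to NULL where it is declared, so that any goto fail taken before or at the failed allocation sees NULL rather than an indeterminate pointer. The declaration is outside this hunk, so please confirm it. The same applies to the two member frees inside the guard: if the allocation of dtdo_buf or dtdo_breltab can fail after fdp itself succeeded, fdp needs to be zero-filled at allocation so that dt_free() is handed either NULL or a valid pointer for each member.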